Julkisen avaimen salaus
Johdanto
Thisisjustoneaspectofthecurrentcryptographytheme.Theverificationofthetrueidentityofthesenderandreceiveroftheinformation,thenon-repudiationofthesent/receivedinformationafterthefact,andtheprotectionoftheintegrityofthedataareotheraspectsofmoderncryptography.
Thepublickeycryptosystemhasprovidedexcellentanswerstothesetwoissues,andmanynewideasandsolutionsarecontinuingtobeproduced.Inthepublickeysystem,theencryptionkeyisdifferentfromthedecryptionkey.Peoplemaketheencryptionkeypublicandanyonecanuseit;andthedecryptionkeyisonlyknowntothedecryptor.Amongallpublickeycryptosystemssofar,theRSAsystemisthemostfamousandwidelyusedone.
Kehitysprosessi
In1976,apublickeycryptosystemwasproposed,theprincipleofwhichistoseparatetheencryptionkeyandthedecryptionkey.Inthisway,aspecificusercanpublicizetheencryptionkeyandalgorithmhedesigned,andonlykeepthedecryptionkeysecret.Anyonewhousesthisencryptionkeyandalgorithmtosendencryptedinformationtotheusercanrestoreit.Theadvantageofpublickeycryptographyisthatitdoesnotneedtopassthekeythroughasecurechannel,whichgreatlysimplifieskeymanagement.Itsalgorithmissometimescalledpublickeyalgorithmorpublickeyalgorithmforshort.
In1978,aspecificimplementationplanforpublickeycryptography,theRSAplan,wasproposed.
TheDSAalgorithmproposedin1991isalsoapublickeyalgorithm,whichhasgreaterapplicationadvantagesindigitalsignatures.
Käsitteet
Somebasicconceptsandstructuralcomponentsinthepublickeyarchitecture.
KeypairInasecuritysystembasedonapublickeysystem,keysaregeneratedinpairs,andeachpairofkeysiscomposedofapublickeyandaprivatekey.Inpracticalapplications,theprivatekeyiskeptbytheowner,whilethepublickeyneedstobepublishedtothepublic.Inordertomakethebusinessbasedonthepublickeysystem(suchase-commerce,etc.)widelyused,afundamentalandkeyissueisthedistributionandmanagementofpublickeys.
Thepublickeyitselfisnotmarked,andtheownerofthepublickeycannotbedistinguishedfromthepublickeyalone.
Inaverysmallarea,suchasasmallgroupoftwopeoplelikeAandB,theytrusteachother,exchangepublickeys,andcommunicateontheInternetwithoutanyproblems.Ifthisgroupisalittlelarger,itmaynotbeaproblemtotrusteachother,butfromalegalperspective,suchtrustisalsoproblematic.Ifitisbigger,thetrustproblembecomesabigproblem.
Todistus
TheusergroupoftheInternetisbynomeansasmallgroupofpeoplewhotrusteachother.Inthisusergroup,fromalegalpointofview,userscannoteasilytrusteachother.Therefore,thepublickeyencryptionsystemhasadoptedanotherapproach,linkingthepublickeywiththenameoftheownerofthepublickey,andthenaskacredible,fairandauthoritativeorganizationthateveryonecantrusttoconfirm,andaddthesignatureofthisauthority.Thisformsthecertificate.
Becausethecertificateissignedbyanauthority,everyonebelievesthatthecontentonthecertificateistrustworthy;andbecausethecertificatehasidentityinformationsuchastheowner’sname,otherscaneasilyknowthepublickeyWhoistheowner.
CA
Theauthoritymentionedaboveistheelectronicvisaauthority,orCA.CA(TodistusAuthority)alsohasacertificate(containingapublickey),ofcourse,italsohasitsownprivatekey,soithastheabilitytosign.OnlinepublicuserstrusttheCA(TodistusAuthority)byverifyingthesignatureoftheCA(TodistusAuthority).Anyoneshouldbeabletoobtainthecertificate(includingthepublickey)oftheCA(TodistusAuthority)toverifythecertificateissuedbyit.
Iftheuserwantstogetacertificateofhisown,heshouldfirstapplytotheCA(TodistusAuthority).AftertheCA(TodistusAuthority)determinestheidentityoftheapplicant,itassignshimapublickey,andtheCA(TodistusAuthority)bindsthepublickeytotheapplicant’sidentityinformationandsignsittoformacertificateTothatuser(applicant).
Ifauserwantstoverifytheauthenticityofanothercertificate,hewillusetheCA’spublickeytoverifythesignatureonthatcertificate(asmentionedabove,theCAsignatureisactuallypassedbytheCA(TodistusAuthority)Informationencryptedbytheprivatekey,theprocessofsignatureverificationisaccompaniedbytheprocessofdecryptingusingtheCA(TodistusAuthority)publickey).Oncetheverificationispassed,thecertificateisconsideredvalid.
Inadditiontoissuingcertificates,CA(TodistusAuthority)hasanotherimportantroleinthemanagementofcertificatesandkeys.
Itcanbeseenthatthecertificateistheuser’selectronicpersonalIDcardontheInternet,whichhasthesamefunctionasthepersonalIDcardusedindailylife.CA(TodistusAuthority)isequivalenttotheonlinepublicsecuritybureau,whichspecializesinissuingandverifyingIDcards.
Algoritmi
Johdanto
ThepublickeyalgorithmwasdevelopedbyDiffieandHellmanatStanfordUniversityin1976.Thetwofirstinventedit(thesis"NewDirectioninCryptography").ButcurrentlythemostpopularRSAwasjointlydevelopedbyMITprofessorsRonaldL.Rivest,AdiShamirandLeonardM.Adlemanin1977,andwascomposedofthefirstlettersofthenamesofthreemathematicians.
Theideaofthepublickeycryptosystemproposedin1976isdifferentfromthetraditionalsymmetrickeycryptosystem.Itrequireskeystoappearinpairs,oneistheencryptionkey(e),andtheotheristhedecryptionkey.(d),anditisimpossibletodeduceonefromtheother.Since1976,avarietyofpublic-keycryptographicalgorithmshavebeenproposed,manyofwhichareinsecure,someareconsideredsecureandmanyarenotpractical.Theyareeitherthekeyistoolarge,ortheciphertextisveryextended.serious.Thesecurityfoundationofmostcryptographicalgorithmsisbasedonsomemathematicalproblems,whichexpertsbelievecannotbesolvedinashortperiodoftime.Becausesomeproblems(suchasfactorizationproblems)havebeenthousandsofyearsold.
Publickeyencryptionalgorithm,alsocalledasymmetrickeyalgorithm,usestwopairsofkeys:apublickeyandaprivatekey.Theusermustensurethesecurityoftheprivatekey;thepublickeycanbereleased.Publickeyandprivatekeyarecloselyrelated.Informationencryptedwithpublickeycanonlybedecryptedwithprivatekey,andviceversa.Sincethepublickeyalgorithmdoesnotrequireanonlinekeyserverandthekeydistributionprotocolissimple,thekeymanagementisgreatlysimplified.Inadditiontoencryptionfunctions,publickeysystemscanalsoprovidedigitalsignatures.
RSA
ThemostwidelyusedpublickeyencryptionalgorithmisRSA.RSAusestwokeys,apublickeyandaprivatekey.Ifoneisusedforencryption,theothercanbeusedfordecryption.Thekeylengthisvariablefrom40to2048bits.Theplaintextisalsodividedintoblocksduringencryption.Theblocksizeisvariablebutcannotexceedthelengthofthekey.TheRSAalgorithmdivideseachblockofplaintextConvertedintoaciphertextblockwiththesamelengthasthekey.Thelongerthekey,thebettertheencryptioneffect,butthecostofencryptionanddecryptionisalsogreater,sotheremustbeacompromisebetweensecurityandperformance.Generally,64-bitismoreappropriate.Awell-knownapplicationofRSAisSSL.IntheUnitedStatesandCanada,the128-bitRSAalgorithmisusedforSSL.Duetoexportrestrictions,the40-bitversioniscommonlyusedinotherregions(includingChina).
TheoriginalconceptandgoalofRSAalgorithmdevelopmentistomaketheInternetsafeandreliable,aimingtosolvetheproblemoftheuseofopenchanneltransmissionanddistributionofthesecretkeyoftheDESalgorithm.Theactualresultsnotonlysolvethisproblemwell;RSAcanalsobeusedtocompletethedigitalsignatureofthemessagetoresistthedenialanddenialofthemessage;atthesametime,thedigitalsignaturecanbeusedtoeasilydetecttheillegaltamperingofthemessagebytheattacker.Toprotecttheintegrityofdatainformation.
Tietoturvatavoitteet
Generally,thegoalsofinformationsecuritycanbesummarizedassolvingthefollowingproblemsofinformation:
Confidentialityensuresthatinformationisnotleakedtounauthorizedpersons.Anyoneauthorized.
Integritypreventsinformationfrombeingtamperedwithbyunauthorizedpersons.
Availabilityguaranteesthatinformationandinformationsystemsareindeedusedbyauthorizedpersons.
Controllability(Controllability)implementssecuritymonitoringofinformationandinformationsystemstopreventillegaluseofinformationandinformationsystems.
Passwordisakindoftransformation.Theuseofpasswordtransformationtoprotectinformationsecretsisthemostprimitiveabilityofpasswords.However,withthedevelopmentofinformationandinformationtechnology,moderncryptographyisnotonlyusedtosolvetheproblemofinformationConfidentiality,butalsousedtosolvetheintegrity,availabilityandcontrollabilityofinformation.Itcanbesaidthatpasswordisthemosteffectivemeanstosolveinformationsecurity,andpasswordtechnologyisthecoretechnologytosolveinformationsecurity.
Theadvantageofpublickeysisthatyoumaynotknowanentity,butaslongasyourserverbelievesthattheentity’sCAisreliable,youcancommunicatesecurely.ThisisexactlywhatWebcommerceis.Requiredforsuchabusiness.Forexample,creditcardshopping.TheservicepartycanauthorizeitsownresourcesaccordingtothereliabilityoftheissuingorganizationoftheclientCA.Atpresent,thereisnoCAthatcanbewidelytrustedathomeandabroad.TheproductsofAmericanNatescapeCompanysupportpublickey,butNatescapeCompanyisregardedastheCA.ItisunthinkableinChinathataforeigncompanyactsasaCA.
Theprocessingspeedofthepublickeyschemeisslowerthanthatofthesecretkeyscheme.Therefore,thepublickeyandtheprivatekeytechnologyareusuallycombinedtoachievethebestperformance.Thatis,thepublickeytechnologyisusedtotransfertheprivatekeybetweenthecommunicationparties,andtheprivatekeyisusedtoencryptanddecrypttheactualdatatransmitted.Inaddition,publickeyencryptionisalsousedtoencryptprivatekeys.
Amongthesesafeandpracticalalgorithms,somearesuitableforkeydistribution,somecanbeusedasencryptionalgorithms,andsomeareonlyusedfordigitalsignatures.Mostalgorithmsrequirelargenumberoperations,sotheimplementationspeedisveryslowandcannotbeusedforfastdataencryption.Thefollowingwillintroduceatypicalpublickeycryptographicalgorithm-RSA.
RSAalgorithmcompletesthedigitalsignatureofthemessageverywelltoresistthedenialanddenialofthedata;itiseasiertofindtheillegaltamperingofthemessagebytheattackerbyusingthedigitalsignaturetoprotecttheintegrityofthedatainformation.Sofar,manyencryptiontechnologiesuseRSAalgorithm,suchasPGP(PrettyGoodPrivacy)encryptionsystem,whichisatoolsoftwarethatcanbeusedtoencrypt,decryptordigitallysignfilesafterregisteringwiththecertificationcenter.PGPusesRSAalgorithm.ItcanbeseenthatRSAhasverygoodapplications.
Tuottaa
1.Choosetwolargeprimenumbers,pandq,andcalculaten=qp,whereniscalledthemodulusoftheRSAalgorithm.pandqmustbekeptsecret.Generally,pandqarerequiredtobesecureprimenumbers,andthelengthofnisgreaterthan1024bits.ThisismainlybecausethesecurityoftheRSAalgorithmreliesontheproblemoffactoringlargenumbers.
2.LaskeEuler-lukun
φ(n)=(p-1)(q-1)
φ(n)isdefinedasThenumberofnumbersthatdonotexceednandarerelativelyprimeton.
3.Valitse sitten satunnaisestisalausavain ja valitseluku, joka on suhteellisen ensisijainen φ(n)arvosta[0,φ(n)-1]julkisena salausindeksinä.
4.Finally,theEuclidalgorithmisusedtocalculatethedecryptionkeyd,whichsatisfiesde≡1(modφ(n)).Amongthem,nanddshouldalsoberelativelyprime.Thenumberseandnarepublickeys,anddistheprivatekey.Thetwoprimenumberspandqarenolongerneededandshouldbediscardedwithoutlettinganyoneknow.
5. Hanki tarvittava julkinen avain ja salainen avain:
Julkinen avain(ieencryptionkey)PK=(e,n)
Salainen avain(salauksenpurkuavain)SK=(d,n)
Salaus ja salauksen purku
1.Whenencryptinginformationm(binaryrepresentation),firstdividemintoequal-lengthdataBlockm1,m2,...,mi,blocklengths,where2^s<=n,sisaslargeaspossible.
2. Vastaava salausteksti:ci≡mi^e(modn)(a)
3.Salauksen purkamisen yhteydessä lasketaan seuraavasti:mi≡ci^d(modn)(b)RSA:ta voidaan käyttää digitaalisiin allekirjoituksiin, järjestelmä käyttää(a)allekirjoitustaja(b)varmennusta.